Hi support,
I have done upgrade on our test environnement Jira to 7.6.0 before make it on Prod.
After done it I have issue on base url for gadgets:
Checks if JIRA is able to access itself through the configured Base URL to ensure that dashboard gadgets will work.
Could you help please?
Kindly,
Jacyntha
During the rendering of the gadgets, Jira tries to connect to itself by the configured basurl. This means the server fires serverside https calls to he configured base url.
If you encounter an issue an the dashboard you need to be ensure that:
- your ssl is valid or imported correctly into your keystore
- if you request your jira url with wget or curl, that the login form is the response, to be sure that nothing is between the communication (blocking firewall, 2 factor authentication, ...)
All at all : Keep sure the server can resolve the Jira's url without any issue, then your issue is gone.
You can find more informations here:
Hi Oliver,
Thanks for your feedback.
When I click on the ur that you have done I have :
They say that all roads, lead to Rome.
But we’ve lost our way, so let’s try going home.
Head to our documentation homepage that does exist.
Could you send here step to follow please?
kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Interesting, the community editor is adding some extra parameter at the end "ga ...."
just remove it i the browser header and then the link worked.
I try to insert it again How to fix gadget titles showing as __MSG_gadget
Maybe this article will help you to:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Oliver,
All gadget seems fine on my dashboard but I have this warning detailled on my first creation.
Checks if JIRA is able to access itself through the configured Base URL to ensure that dashboard gadgets will work.
What did means? how to avoir it.
$ curl -v https://tapq186lv/lynx
* About to connect() to tapq186lv port 443 (#0)
*   Trying 192.168.183.129... connected
* Connected to tapq186lv (192.168.183.129) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Remote Certificate has expired.
* NSS error -8181
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
[ TAPQ186LV | root | 2018-02-22 11:14:28 | /root ]
$ curl -k https://tapq186lv/lynx
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://tapq186lv/lynx/">here</a>.</p>
</body></html>
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
$ wget https://tapq186lv/lynx --no-check-certificate
--2018-02-22 11:48:58--  https://tapq186lv/lynx
Resolving tapq186lv... 192.168.183.129
Connecting to tapq186lv|192.168.183.129|:443... connected.
WARNING: cannot verify tapq186lv’s certificate, issued by “/DC=mg/DC=telma/DC=corp/CN=Telma CA”:
  Self-signed certificate encountered.
WARNING: certificate common name “TAPP85LV” doesn’t match requested host name “tapq186lv”.
HTTP request sent, awaiting response... 302 Found
Location: https://tapq186lv/lynx/ [following]
--2018-02-22 11:48:58--  https://tapq186lv/lynx/
Reusing existing connection to tapq186lv:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: “index.html”
    [ <=>                                                                                                                           ] 37,097      --.-K/s   in 0.03s
2018-02-22 11:48:58 (1.33 MB/s) - “index.html” saved [37097]
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"What did means? how to avoir it." It means that Jira can't connect to itself with https requests. The reasons are the reasons I exlplained
It sounds as your SSL is self signed, so you need to import it into your keystore so that Jira is not unhappy with it:
And check your server.xml setting if it's correct with proxyName ....
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did you clone the prod machine to test and assign a different URL to the clone?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Oliver,
No issue on the certificate. I have verified it.
Hi Danyal,
our test server is a clone of our Prod but the cloning was already long and the test had always worked on all the updates that we have done since
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
and assign a different URL to the clone?
This bit is kind a important :)
You might have ignored this error previously. It is not an obvious eye catcher.
May I see the jira log. Is there a PKIX exception in the logs ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Danyal,
I have this on catalina.out:
2018-02-22 15:11:01,604 HealthCheck:thread-8 ERROR ServiceRunner     [c.a.t.j.healthcheck.support.BaseUrlHealthCheck] An error occurred when performing the Base URL hea
lthcheck:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp ch
eck failed
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectio
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No issue on the certificate. I have verified it.
how did you verify it? the exception points towards a corrupt/untrusted certificate.
You need to add a valid certificate to the java keystore used by your instance. Use ps -ef or the task manager to see the path of the java installation used by your tomcat, since multiple java installations are common in atlassian servers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Only one instance for java:
jira 26244 1 2 12:08 ? 00:05:15 /opt/java/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian2/jira/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms512m -Xmx1024m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -XX:-OmitStackTraceInFastThrow -Datlassian.plugins.startup.options= -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Xloggc:/opt/atlassian2/jira/logs/atlassian-jira-gc-%t.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=20M -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintGCCause -classpath /opt/atlassian2/jira/bin/bootstrap.jar:/opt/atlassian2/jira/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian2/jira -Dcatalina.home=/opt/atlassian2/jira -Djava.io.tmpdir=/opt/atlassian2/jira/temp org.apache.catalina.startup.Bootstrap start
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
generate a new certificate with the correct URL and import it into the java keystore, in your case /opt/java/jre/lib/security/cacert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Danyal,
Certicifate has done and applied on cacert but always have error:
2018-02-22 17:34:15,325 HealthCheck:thread-3 ERROR      [c.a.t.j.healthcheck.support.BaseUrlHealthCheck] An error occurred when performing the Base URL healthcheck:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
2018-02-22 17:34:15,310 HealthCheck:thread-5 WARN      [c.a.t.j.healthcheck.util.SupportEolCheckUtil] Not able to retrieve the JIRA version information from MPAC
2018-02-22 17:34:15,310 HealthCheck:thread-5 ERROR      [c.a.t.j.healthcheck.support.EolSupportHealthCheck] An error occurred when performing the EOL check, see the exceptions for more info
org.apache.http.conn.HttpHostConnectException: Connect to marketplace.atlassian.com:443 [marketplace.atlassian.com/34.239.16.84, marketplace.atlassian.com/34.205.61.250, marketplace.atlassian.com/52.2.89.223] failed: Connection refused
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:159)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
Update please?
This error is not due to this warning when starting jira:
2018-02-26 09:48:06,024 JIRA-Bootstrap WARN      [c.a.jira.health.HealthChecks] We've found a problem with your database connection URL
2018-02-26 09:48:06,026 JIRA-Bootstrap WARN      [c.a.jira.health.HealthChecks] The connection URL in your dbconfig.xml file contains the storage_engine parameter, which has been deprecated. This should be replaced with the default_storage_engine parameter.
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
2018-02-26 10:15:28,833 HealthCheck:thread-7 WARN      [c.a.t.j.healthcheck.util.SupportEolCheckUtil] Not able to retrieve the JIRA version information from MPAC
2018-02-26 10:15:28,834 HealthCheck:thread-7 ERROR      [c.a.t.j.healthcheck.support.EolSupportHealthCheck] An error occurred when performing the EOL check, see the exceptions for more info
org.apache.http.conn.HttpHostConnectException: Connect to marketplace.atlassian.com:443 [marketplace.atlassian.com/34.239.16.84, marketplace.atlassian.com/34.205.61.250, marketplace.atlassian.com/52.2.89.223] failed: Connection refused
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:159)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
......
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        ... 18 more
2018-02-26 10:15:28,864 HealthCheck:thread-5 ERROR      [c.a.t.j.healthcheck.support.BaseUrlHealthCheck] An error occurred when performing the Base URL healthcheck:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
...
        at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 27 more
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        ... 33 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun Oct 11 16:02:27 EAT 2015
        at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
        at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
        at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
You are trying to communicate with a server whose certificate has expired. The previously mentioned solution is still valid. You can either renew the certificate or switch to http:)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
The certificate is now OK but I have a question: Is possible that upgrade make an attachment disappeared or surpressed?
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No attachments never get removed or compressed in upgrade process.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
When I upgraded now to 7.6.2. I have this error:
Backing up the JIRA home directory
com.install4j.runtime.beans.actions.files.CreateZipFileAction failed
Ignore [i, Enter], Quit [q]
Deleting the previous JIRA installation directory...
Extracting files ...
Please wait a few moments while JIRA Software is configured.
Installation of JIRA Software 7.6.2 is complete
Start JIRA Software 7.6.2 now?
Yes [y], No [n, Enter]
Installation of JIRA Software 7.6.2 is complete
Your installation of JIRA Software 7.6.2 is now ready.
Custom modifications
Your previous JIRA installation contains customisations (eg server.xml) that
must be manually transferred. Refer to our documentation more information:
http://docs.atlassian.com/jira/jadm-docs-076/Upgrading+JIRA+applications+manually#UpgradingJIRAapplicationsmanually-configuringnewjiraasold3.4MigrateyourexistingJIRAconfigurationsovertoyournewJIRAinstallation
Finishing installation ...
And then we it's finished with this error JIra can't be started.
Could you help please?
Kindly,
Jacyntha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.